Joined on 2026-05-03
null closed issue null/BillTracker#70 2026-05-31 13:07:18 -05:00
CRITICAL: Incomplete user deletion - orphaned data risk
null commented on issue null/BillTracker#69 2026-05-31 12:56:35 -05:00
CRITICAL: SMTP password stored in plaintext in SQLite

0.34.2.1 corrected

null closed issue null/BillTracker#69 2026-05-31 12:56:35 -05:00
CRITICAL: SMTP password stored in plaintext in SQLite
null closed issue null/BillTracker#68 2026-05-31 12:46:13 -05:00
CRITICAL: Async route handlers lack try/catch - unhandled rejections crash process
null closed issue null/BillTracker#40 2026-05-31 12:31:12 -05:00
cycle_type and billing_cycle not acted on in statusService
null closed issue null/BillTracker#41 2026-05-31 12:31:12 -05:00
SimpleFIN Bank Sync — Backend + UI
null closed issue null/BillTracker#57 2026-05-31 12:31:12 -05:00
updateCheckService.js Forgejo URL is hard-coded with no env override
null closed issue null/BillTracker#15 2026-05-31 12:31:11 -05:00
Unit and integration tests
null closed issue null/BillTracker#16 2026-05-31 12:31:11 -05:00
Bill grouping and reorganization API
null closed issue null/BillTracker#39 2026-05-31 12:31:11 -05:00
UI for defining recurring bill generation rules
null opened issue null/BillTracker#85 2026-05-31 12:04:17 -05:00
LOW: Auto-generated encryption key stored in same SQLite database as encrypted data
null opened issue null/BillTracker#84 2026-05-31 12:04:12 -05:00
LOW: OIDC client secret stored in plaintext in user_settings table
null opened issue null/BillTracker#83 2026-05-31 12:04:08 -05:00
LOW: Login rate limiter bypassed when no users exist (first-run timing window)
null opened issue null/BillTracker#82 2026-05-31 12:04:04 -05:00
LOW: CORS_ORIGIN accepts comma-separated origins without URL validation
null opened issue null/BillTracker#81 2026-05-31 12:03:59 -05:00
LOW: LIVE constant interpolated into SQL queries in payments.js
null opened issue null/BillTracker#80 2026-05-31 12:03:55 -05:00
MEDIUM: CSRF cookie defaults to httpOnly=false - XSS bypasses CSRF protection
null opened issue null/BillTracker#79 2026-05-31 12:03:48 -05:00
MEDIUM: Admin routes use req.params.id without integer validation
null opened issue null/BillTracker#78 2026-05-31 12:03:44 -05:00
MEDIUM: No pagination on core list endpoints - returns all records
null opened issue null/BillTracker#77 2026-05-31 12:03:40 -05:00
MEDIUM: TrackerPage.jsx is 2386 lines with 44 hooks - maintainability and re-render risks